ETHICAL HACKING CLASS ASSIGNMENT

Introduction to Information Security

What is Information Security?

TYPES OF DATA

1.Public Available Data

Eg :- Student’s Rules and Regulations -Job Postings -Insurance’s Policy and Services

2. Confidential Data:- is a data restricted for only people who are authorized.

Eg:- Exams -Bank Customer Information

3.Restricted or Private Data :-

Eg:- Email Passwords - Medical Results -New Design of a Company

Information Security :- is a way of protecting information on physical files and servers.

TYPES OF HACKERS

1. White Hat Hackers: are ethical hackers.

2. Gray Hat Hackers: are both ethical and malicious hackers.
3. Black Hat Hackers: are unethical hackers.

OTHER TYPES OF HACKERS:

 Script Kiddie:- are hackers free from knowledge of programming ,so they use other’s
software tools for hacking.
 Hacktivists :- a person or group that uses hacking skills to promote political ideologies.
 Phreakers:- are hackers that use their mobiles instead of computers to steal information
and resources(money).
INFORMATION GATHERING

Is a process of collecting enough information about the victim or system that we intend to hack.

It is the first step or beginning stage of ethical hacking.

 The more information gathered about the target, the more probability to obtain relevant
results.

Tools or websites to gather information:-

 Who is
 NS lookup

3 Categories of Information gathering

 Foot printing-
 Scanning-
 Enumeration-
1. Foot printing: a way of collecting information about the victim or network, so we can
understand the standard of their security.

Types of Foot printing

I. Active foot printing
-Are performed by collecting data that are released continuously intentionally or
by direct contact of the power.
II. Passive foot printing
-It involves the collection of data without the acknowledgment of owner about
hackers actions .
SUB-BRANCHES OF FOOT PRINTING
a. Open-source foot printing:
It is the safest one cause it only involves collecting information that are official.
b. Network based-foot printing:
Using this hacktivists can retrieve information within a group or data that are shared
among individuals, network sevices.
c. DNS Interrogation :
It is used to gather information about a domain by querying its DNS server.
There are many freeware tools available online to perform this.

TOOLS, TRICKS OR TECHNIQUES FOR INFORMATION GATHERING

TOOLS

 Whois tool : used to know who owns different website domains and phone numbers.
 ICNN
 Harvester tool: a software that is written with python script programming language. It
collects subdomains and email addresses from Google, Yahoo, Bing and so on.
  Metagoofi tool
 Netifera tool: Used to collect information like websites IP address and programming
language they use to develop the website.

TECHNIQUES

 OS Detection: By sending illegal TCP or ICMP packets towards the victim’s computer, we
can know their OS.
 Ping Sweep

TRICKS

 We can gather information from social media

 Hackers can also collect information from the email header.

OBJECTIVES OF FOOT PRINTING

o Collecting Network Information

o Collecting System Information
o Collecting Organizational Information

COUNTER MEASURES TO PROTECT OURSELVES FROM FOOTPRINTING

 Identifying Information which are needed to be in public and which are not
 Don’t put unnecessary information into any profile, social networking account or any
website
 Don’t keep personal contact number in any company or organization phone book,
mainly to prevent war-dialing

COUNTER MEASURES AGAINST DNS INTEGORRATION

 Keeping internal DNS and external DNS separate

 Restrict and disable zone transfer to authorized servers

INTRODUCTION TO MALWARE

DEFINITION:

MALWARE: Is harmful software designed to damage, disrupt or steal data from a

computer or network.

4 types of malwares
 1. Virus: Is a type of malware that attaches it self to files or programs, spreads to other
computers and can damage or disrupt the system.

2. Worm: Is a type of malware that can copy and spread it self across computers or
networks without needing to attach to other files or programs.

3. Trojan Horse: Is a malware that pretends to be a useful or harmless program, but once
installed, it secretly performs harmful actions like stealing data or giving hackers access
to your system.

4. Bot: Is automated program designed to perform harmful activities online. They are
controlled by hackers or malicious actors to cause damage, steal data or disrupt
systems.

Examples:

-Spam bots: Send massive amounts of unwanted messages or emails.

-Scraper bots: Steal content, passwords or sensitive data from websites.

MALWARE

Common Features of Malware :-

 Overwhelming system resources

 Running malicious adware
 Running spyware (eg-filogware)
 Running run some ware
 Creating back door
 Disabling security function (eg;- disabling antivirus softwares)
 Creating botnet

SOURCES OF MALWARE

1. Removable Media : USB flashes carries boot sector viruses

Some hackers leave USB flashes in the public to multiply this viruses.

2. Documents and Executables : Since viruses stick with files i.e. PDF, pictures, sharing files
may be considered as sharing viruses, so to protect ourself from this we should receive
files from trustworthy people or if we are a little suspended we can delete it.
 3. Internet Download: We can vulnerable to Trojan horses while downloading free games
or anything else from different source; therefore, we should first know the source.
4. Network Connection: Worms can be transferred while we connect our computers to the
network or internet without our involvement or permission.
5. Email Attachments: Social enginerring is one way of spreading worms.
6. Drive by downloads: Malwares can also be transferred by only viewing websites,
without you clicking anything.
7. Pop-ups:-some websites allow pop-up advertisement.
DEFENSE AGAINST MALWARE
1. Backing up data
2. Using Firewall
3. Installing software patches
4. Installing antivirus software
5. User education
NETWORK SECURITY

NETWORK: is the flow of information between two or more devices or a group of connected
devices that share data and resources.

INTERNET: is world wide network of networks.

Example of ISP: Comcast and Time warner

CLOUD VIEW OF THE INTERNET

Private and Public IP address

If our public IP address is different, having the same private IP address will gonna be okay.

INTRODUCTION TO SYSTEM HACKING

HOW HACKERS HACK IN TO THE SYSTEM

FIRST, hackers use viruse, phishing technique, Trojan horses, worms…

After they get in to the system, they can steal passwords, destroy info, and they can also steal
our money, they can also give info to the 3rd system.

They can also make websites non-functional by crowding it.

If they control server, they can make different programs and info messy.
INTRODUCTION TO LINUX SYSTEM HACKING

Linux is one of the OS that are very strong in the world.

INTRODUCTION TO WINDOWS SYSTEM HACKING

WOS is less secured than MACOS and linux.

Precautions against system hacking

1. Use extreme caution while entering chatroom

2. Carefully deal with friends request from online social networking sites and emails
3. Don’t open unnecessary email from strangers or unknown senders
4. Use firewall and update it
5. Update the os for better patches
6. Avoid questionable websites………

Introduction to web hacking

How to hack website?

Information gathering websites’ –network, hardware, link and host

TECHNIQUES WE CAN USE TO HACK WEBSITES

 BUG BOUNTY
 FINDING NETWORK VULNERABILITY
 SOCIAL ENGINEERING

PRECAUTION TO PROTECT WEBSITES FROM HACKING

 Updating every system

 Find a good cyber expert
 Collaborate with bug bounty programs